SetEnvIf and not logging an IP address in customlog - apache

I'm trying to prevent any requests from a certain IP from being logged.
SetEnvIf is enabled on apache 2.4.6
# apachectl -V
Server version: Apache/2.4.6 (CentOS)
# apachectl -M | grep -i setenvif
setenvif_module (shared)
My vhost.conf entry:
<VirtualHost *:80>
SetEnvIf Remote_Addr "91\.121\.31\.64" dontlog=1
ServerAdmin webmaster@mydomain.com
ServerName mydomain.com
ServerAlias *.mydomain.com
DocumentRoot /home/domains/mydomain.com/htdocs
ScriptAlias /cgi-bin /home/domains/mydomain.com/cgi-bin
ErrorLog /home/domains/mydomain.com/logs/error_log
CustomLog /home/domains/mydomain.com/logs/combined_log combined env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =mydomain.com [OR]
RewriteCond %{SERVER_NAME} =*.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I restart apache, but that IP is still logged. What am I missing?

Related

Website suddenly start giving error as website is not secured i.e https stops working

I am running a website on Ubuntu with an Apache server. My website was running fine until last night, and it suddenly started giving a "not secure" error, i.e. when accessing it using https it gives an error (SSL was installed only 1 day back). When accessing without http it is redirecting to https.
So I reinstalled my SSL certificate from certbot, and I did not select redirecting all traffic to https. I thought there was some configuration error with SSL, so http should work. But the issue was not resolved.
Then I thought the issue was with my configuration, so I checked my logs and found some errors like:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
AH01630: client denied by server configuration: /var/www/html/
Such errors are there in my error logs. I am using one virtual host and I have disabled the default conf in site-available.
My virtual host file content is
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/domain
ServerName domain.com
ServerAlias www.domain.com
<Directory /var/www/domain/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex home.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
In place of domain I am using my original domain name.
This is my /etc/hosts entry
127.0.1.1 domain.com domain
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Then I tried to replace the IP 127.0.1.1 with my server IP address, and then I reinstalled my SSL certificate using the command:
sudo certbot --apache -d domain.com -d www.domain.com
It says SSL was successfully installed, but when I try to access my website it is still not working and shows an SSL error, or when I try without SSL it says access forbidden.
What I understand from the logs is that it is not searching my file directory /var/www/domain/; it is searching the file directory of the default configuration, which I disabled: /var/www/html/.
So to solve the issue temporarily, I enabled the default host file and changed the directory from /var/www/html/ to /var/www/domain/, and below, in the domain.com.conf and domain.com-le-ssl.conf host files, I changed https to http:
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So the website started working for http and redirects all traffic from https to http. But I need to install SSL and want to make all the configuration proper. Can anyone help me solve this issue?
Edit -
here is my vhost 443 entry
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/domain
ServerName domain.com
ServerAlias www.domain.com
<Directory /var/www/domain/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex home.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/letsfindcourse.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/letsfindcourse.com/privkey.pem
</VirtualHost>
</IfModule>

LetsEncrypt with Apache2 Redirection

I am struggling with the https redirection of my domain. My domain is hosted with GoDaddy and my server is hosted with IONOS. I was able to install the SSL certification, and if I go directly to https://domain.com it works as expected. Unfortunately, the redirection is not working at all.
The conf file looks like this:
<VirtualHost *:80>
ServerAdmin admin@domain.de
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
and the ssl conf file like that:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@domain.de
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =domain.com [OR]
# RewriteCond %{SERVER_NAME} =www.domain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>
I hope someone has an idea regarding this.
Thanks a lot!
This should work, place it out of the virtualhosts (might not make a difference), and also make sure mod_rewrite is on.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Edit:
Added the flags R=301 and L for the redirect.
Info:
If the above doesn't work when you place it outside of virtualhosts, you should add the following after the RewriteEngine On:
RewriteOptions InheritDown

Redirect http to https only works after page refresh Apache2

I have installed SSL Certificates on my website and on the example.com everything works fine, meaning that typing example.com redirects correctly to https://example.com. However, I have installed a certificate for a subdomain as well such that the link becomes: subdomain.example.com.
My goal is to have subdomain.example.com redirect to https://subdomain.example.com . This might sound weird but this semi-works meaning that when I first surf to subdomain.example.com it uses the http protocol but when I refresh that same page it switches to https protocol.
This is my VirtualHost conf file (port 80):
<VirtualHost *:80>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://example.com/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#RewriteCond %{SERVER_PORT} !443
#RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/ [R=301,L]
</VirtualHost>
I have removed the non-related lines from the sample above. Here is the 443 conf file:
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
#Allow forwarding to gitlab-workhorse
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://domain/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subexample.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
Header always set Content-Security-Policy upgrade-insecure-requests
</VirtualHost>
</IfModule>
Worth noting is that I am using certbot.
Hopefully someone can help me.
You say "My goal is to have subdomain.example.com redirect to https://subdomain.example.com".
Then why have all that proxy configuration in your :80 VirtualHost? Simply force the redirection to :443, and let :443 handle the proxy (and other).
So your VirtualHost would become:
<VirtualHost *:80>
ServerName subdomain.example.com
CustomLog logs/subdomain_80_access.log combined
ErrorLog logs/subdomain_80_error.log
RewriteEngine On
RedirectMatch ^/(.*)$ https://subdomain.example.com/$1
</VirtualHost>

apache2 reverse proxy configuration

I have one application that listens on TCP 127.0.0.1:81.
I want to accomplish the following redirection:
www.example.com/?requestid=123456 --> http://127.0.0.1:81/?requestid=123456
www.example.com/ANYTHING_ELSE --> MY_IP_THAT_APACHE_LISTENS_ON
My understanding is that if I will not rewrite something explicitly, it will follow the regular path to the /var/www/html.
My /etc/apache2/sites-enabled/000-default.conf configuration:
<VirtualHost *:80>
ServerName example.com
ServerAdmin example@example.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location />
RewriteEngine On
RewriteRule ^/?requestid(.*)$ http://127.0.0.1:81/$1 [P]
ProxyPassReverse http://127.0.0.1:81/
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Why does it not rewrite properly and keep hitting the normal path?
Not Found
The requested URL /bullshit was not found on this server.
Apache/2.4.25 (Debian) Server at example.com Port 80
From RewriteRule Directive:
In VirtualHost context, The Pattern will initially be matched against
the part of the URL after the hostname and port, and before the query
string (e.g. "/app1/index.html"). This is the (%-decoded) URL-path.
If you wish to match against the hostname, port, or query string,
use a RewriteCond with the %{HTTP_HOST}, %{SERVER_PORT}, or
%{QUERY_STRING} variables respectively.
So, you will need something like this:
RewriteEngine On
RewriteCond %{QUERY_STRING} requestid=(.+)
RewriteRule ^/$ http://127.0.0.1:81/?requestid=%1 [P]
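
The matching behaviour quoted above, modeled in Python as an added example (not code from the question, the answer or Apache). `question_rule_matches` and `route` are hypothetical helpers that split a request into URL-path and query string the way VirtualHost-context matching does, and `STRICT_COND` is an assumed tighter pattern showing that the answer's unanchored `requestid=(.+)` also matches `xrequestid=` and carries trailing parameters to the backend.

```python
import re
from urllib.parse import urlsplit

QUESTION_RULE = re.compile(r"^/?requestid(.*)$")       # RewriteRule pattern from the question
ANSWER_COND = re.compile(r"requestid=(.+)")            # RewriteCond pattern from the answer
STRICT_COND = re.compile(r"(?:^|&)requestid=([^&]+)")  # assumed tighter variant, not from the page
BACKEND = "http://127.0.0.1:81/"

def question_rule_matches(request_uri):
    """The RewriteRule pattern is tested against the URL-path only."""
    return QUESTION_RULE.search(urlsplit(request_uri).path) is not None

def route(request_uri, cond=ANSWER_COND):
    """Model of: RewriteCond %{QUERY_STRING} <cond> + RewriteRule ^/$ ...?requestid=%1 [P].
    Returns the proxied URL, or None when the request falls through to DocumentRoot."""
    parts = urlsplit(request_uri)
    hit = cond.search(parts.query)         # the condition sees only the query string
    if parts.path != "/" or hit is None:   # the rule pattern ^/$ sees only the path
        return None
    return f"{BACKEND}?requestid={hit.group(1)}"  # %1 = first group of the condition

# Constructed request lines for illustration.
SAMPLES = ["/?requestid=123456", "/ANYTHING_ELSE", "/requestid42",
           "/?xrequestid=1&debug=1", "/?a=1&requestid=7&b=2"]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:24} question rule: {question_rule_matches(uri)!s:5} "
              f"answer: {route(uri)}  strict: {route(uri, STRICT_COND)}")
```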

Apache Virtual Host with Angular Fullstack (NodeJS) App 307 Redirect

I have an Ubuntu server with multiple php applications running with Apache on port 9999.
At the same time, my NodeJS app on the same server runs on port 8080 and I use apache's virtual host to redirect requests from port 80 or 443 to my NodeJS app.
My virtual host looks like that:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
SSLEngine on
SSLCertificateFile /ssl/example.com.pem
SSLCertificateKeyFile /ssl/example.com.key
SSLCACertificateFile /ssl/intermediate.pem
ServerAdmin webmaster@localhost
DocumentRoot /home/marcel/www/example
Options -Indexes
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests on
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
Now all requests to example.com should be redirected to https://www.example.com. I have this .htaccess file.
Options -MultiViews
ErrorDocument 404 /404.html
<IfModule mod_rewrite.c>
Options +FollowSymlinks
# Options +SymLinksIfOwnerMatch
RewriteEngine On
# RewriteBase /
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
My Problem: When I go to http://example.com, I get redirected to https://example.com (without www, but ok) and I get a 307 redirect! I want 301 for SEO reasons. Same thing happens if I do www.example.com => it goes to https://www.example.com but also with 307 redirect.
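
A check for two settings that appear in configs on this page, the `env=!dontlog` log condition from the first question and `ProxyRequests on` from the last one, as an added example rather than code from any of the posts. `SetEnvIf` and `CustomLog` inside a `<VirtualHost>` apply to that virtual host only, and `ProxyRequests on` turns on forward proxying, which a `ProxyPass` reverse proxy does not need. The port-443 block in the sample is constructed, and `parse_scopes`, `env_vars` and `audit` are hypothetical names.

```python
import re, shlex

# Constructed sample: the port-80 vhost from the first question plus an assumed
# port-443 vhost with "ProxyRequests on" as in the last question; paths shortened.
SAMPLE_CONF = r'''<VirtualHost *:80>
    SetEnvIf Remote_Addr "91\.121\.31\.64" dontlog=1
    CustomLog logs/combined_log combined env=!dontlog
</VirtualHost>
<VirtualHost *:443>
    CustomLog logs/ssl_log combined
    ProxyRequests on
</VirtualHost>
'''

def parse_scopes(text):
    """Map each scope ('(server)' or 'addr (line N)') to its tokenized directives."""
    scopes, scope = {"(server)": []}, "(server)"
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = f"{opened.group(1).strip()} (line {n})"
            scopes[scope] = []
        elif line.lower().startswith("</virtualhost"):
            scope = "(server)"
        elif line and not line.startswith("#"):
            scopes[scope].append(shlex.split(line))
    return scopes

def env_vars(directives):
    """Variables set by SetEnvIf/SetEnvIfNoCase (other setters are not modeled)."""
    return {arg.lstrip("!").split("=")[0] for d in directives
            if d[0].lower() in ("setenvif", "setenvifnocase") for arg in d[3:]}

def audit(text):
    """Return (scope, finding, detail) tuples for log conditions and forward proxying."""
    scopes, findings = parse_scopes(text), []
    inherited = env_vars(scopes["(server)"])  # server-level rules reach every vhost
    for scope, directives in scopes.items():
        known = inherited | env_vars(directives)
        for d in directives:
            name = d[0].lower()
            if name == "customlog":
                cond = next((a[4:] for a in d[3:] if a.startswith("env=")), None)
                kind = ("logs-everything" if cond is None else
                        "conditional-log" if cond.lstrip("!") in known else "condition-never-set")
                findings.append((scope, kind, cond or d[1]))
            elif name == "proxyrequests" and [a.lower() for a in d[1:2]] == ["on"]:
                findings.append((scope, "forward-proxy-enabled", " ".join(d)))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the port-80 log as conditional on `dontlog`, and the constructed port-443 vhost as logging every request and acting as a forward proxy.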